Privacy Policy
KUCOIN TR KRİPTO VARLIK ALIM SATIM PLATFORMU ANONİM ŞİRKETİ
CLARIFICATION TEXT ON PROCESSING OF PERSONAL DATA / PRIVACY POLICY
As KuCoin TR Kripto Varlik Alim Satim Platformu Anonim Şirketi (“Company”, “we”, “our”, “us” or “KuCoin TR”), we process your personal data through the KuCoin TR branded electronic commerce platform, the Company’s related features and services, as well as other affiliated channels, platforms, mobile websites, or applications ("Platform") according to this “Clarification Text on Processing of Personal Data” or “Privacy Policy”, we place great importance on the privacy and protection of your personal data and therefore act with care by taking all necessary precautions.
We are the data controller in accordance with the Law No. 6698 on the Protection of Personal Data (“Law”) with regard to personal data collected from customers.
1. PROCESSING YOUR PERSONAL DATA
The personal data listed below is collected and stored within the framework of our relationship, depending on the nature of products and services you receive from the Company:
- Identity information (such as name, surname, T.C. identity number, mother’s name, father’s name, passport number, identity documents issued by the relevant state authority, date of birth, place of birth, gender, photograph, marital status, citizenship information, nationality information, registry information, tax identification number, social security number, citizenship number, signature sample, and near-field communication data from documents such as ID and passport),
- Contact information (such as address information, residence information, registered electronic mail address (KEP), phone numbers, email address),
- Customer transaction information (such as crypto asset trading transactions, transaction request information, device and access information used, wallet used for transfer or wallet to which transfer is made, recipient information, order information, asset information, customer wallet address),
- Financial information (such as income level, account number, digital wallet address, reference number, credit card, IBAN number, financial performance information, risk information, asset information, experience related to investments and crypto assets),
- Risk management information (such as information processed for managing commercial, technical, administrative risks),
- Location information (such as approximate location information),
- Professional experience information (such as profession, title, work information, education status, resume information),
- Transaction security information (such as customer and account information required to access electronic channels, username, location information processed for purposes such as security applications used on these channels and compliance with legal obligations, password and passcode information, audit trails, IP addresses, website access codes, website login/logout information, biometric data processed with the customer's consent, and electronic log records showing the source of the order),
- Visual and audio recording information (such as customer support centre records including complaints, photos including those on ID cards, video recordings including video calls, audio recordings),
- Application information (such as application interaction information, page visits, button clicks, in-app search history, content created/developed by the customer, application version, application language, application package name, download channel, crash reporter/notifier, diagnostic log, performance data (CPU, memory, etc.)),
- Transfer record information showing deposit or withdrawal history from a third-party exchange platform or private crypto wallet (such as URL of the exchange website, specific withdrawal log, withdrawal time, withdrawal coin, withdrawal amount, withdrawal destination address, transaction record's associated transaction hash/hash function (TXID), sender's wallet address, specific token type, transaction date, transferred amount, recipient's wallet address, deposit time, deposited coin, deposited amount, deposit destination address)
- Device information (such as network operator, device brand, system and version, device model, screen width and height, UTC difference/time zone difference, device manufacturer, number of cameras, device storage space, system language, network type, SIM card status, browser user agent, CPU name, CPU instruction set, motherboard model, screen features/display properties, radio software version, gyroscope data, IP address, MAC address, fingerprint ID, advertising ID, Android ID, open advertising ID (OAID), international mobile equipment identity (IMEI), globally unique identifier (GUID), service set identifier (SSID))
- Biometric information (such as thumbprint and facial recognition)
2. PERSONAL DATA COLLECTION AND STORAGE PERIODS
Your personal data is collected by the Company during the provision of services, and during face-to-face meetings, or via email during any support and feedback communications. We collect your personal data through various methods, including the use of communication forms on the Platform, call centres, websites, the Platform itself and digital messaging platforms, in any written, verbal, and visual format, electronically or physically, automatically or non-automatically.
In addition, cookies and other technologies are used on the Platform to collect your personal data. Browsers generally allow the use of cookies automatically. You can manage the use of cookies by changing your browser settings. You can disable, delete, and change your cookie preferences for non-essential cookies. Changing your cookie settings and disabling non-essential cookies will not affect your use of our services, but you may not be able to fully utilise certain features of the Platform. For details on how to manage your cookie settings, please refer to your browser's instructions and help functions. For more information, please review our Cookie Policy[TK1] .
If you have given us permission to collect location information through your mobile device via the mobile application, we may collect your physical location information in terms of latitude and longitude using technologies such as GPS, Wi-Fi, or cell tower proximity. You can withdraw the permission you have given us to collect your physical location information through your mobile device settings; however, we do not control this process. If you have questions about disabling location services on your mobile device, we recommend contacting your mobile device service provider or manufacturer.
In this context, we process, store, and ensure the security of your personal data collected by us in a manner that is proportionate and limited and in accordance with the principles set forth in Article 4 of the Law, for the purposes and legal grounds specified below.
Your personal data will be stored for as long as you continue to use the Platform and, if applicable, for the duration of your relationship with the Company, extended by applicable limitation periods. In cases where we process your personal data in accordance with our legal obligations, we will retain it for the duration of these obligations, and upon the expiration of the applicable data retention period, your personal data will be deleted or anonymized in an irreversible manner.
3. PURPOSES AND LEGAL GROUNDS FOR PROCESSING PERSONAL DATA
The personal data collected by the Company is processed with your explicit consent pursuant to Article 5/1 of the Law, explicitly prescribed by law pursuant to Article 5/2(a) of the Law, necessary processing for the establishment or performance of a contract, processing of personal data belonging to the parties to the contract pursuant to Article 5/2(c) of the Law, necessary for the data controller to fulfill its legal obligation pursuant to Article 5/2(ç) of the Law, mandatory processing for the legitimate interests of the data controller as stated in Article 5/2(f) of the Law. We process data for the purposes stated below, provided that it does not infringe upon your fundamental rights and freedom:
- Creating customer accounts, completing registration processes, operating and updating your account, managing customer information,
- Carrying out customer account level upgrade processes,
- Carrying out customer relationship management processes and performing identity verification procedures, conducting customer verification (KYC and KYB), closing accounts through non-face-to-face identity verification, resetting phone numbers/email addresses.
- Confirmation/verification of digital asset trading relationships, inheritance and transfer transactions, matters related to the general management of digital asset trading relationships, including the setting up, maintenance, and termination of services, prevention of unauthorized use,
- Recording the information on the front and back of the identity card into the system for the purposes of verifying the information/security features on the identity document without the need to be physically present with the Company’s customer representative; and during the remote identification process to verify the identity of our customer by using online video calling services, the photograph on the contactless chip on the ID document, if it can be collected using near-field communication, will be used to verify the identity of the customer. If this is not possible, a biometric comparison of the photo on the ID document will be conducted,
- Creation of a customer database,
- Monitoring of financial transactions, identification of customers who have carried out suspicious transactions, and reporting suspicious transactions to the Financial Crimes Investigation Board,
- Providing all investment services and other ancillary services, including the purchase and sale of crypto assets, investment advisory services, in accordance with the relevant capital market legislation, including the Capital Markets Law No. 6362 III-35/B.1 Communiqué on the Principles of Establishment and Activities of Crypto Asset Service Providers and III-35/B.2 Communiqué on the Working Procedures and Principles of Crypto Asset Service Providers and Capital Adequacy, and to fulfill, execute and develop related transactions, manage operational processes, and comply with risk monitoring and information obligations,
- Performing our obligations arising from the legal regulations to which we are subject, primarily the Law No. 5549 on the Prevention of Money Laundering, the Law No. 4208 on the Prevention of Money Laundering, and the Regulation on Measures to Prevent Money Laundering and the Financing of Terrorism, sharing information with authorized authorities, and conducting investigations,
- Fulfilling the requirements of the contract(s) you signed with the Company,
- Contacting companies from which custody services are obtained,
- If you visit the platform, performing our obligations regarding the retention of internet access records under Law No. 5651 on the Regulation of Publications Made on the Internet and the Fight Against Crimes Committed Through These Publications, fulfillment of our information security obligations, protecting and optimizing the functionality of the Platform and services, analyzing your personal preferences and Platform usage,
- If you give your consent; conducting analysis and targeted advertising, sending commercial electronic messages regarding our services and the Platform, including advertisements, promotions, and campaigns,
- Designing the Company’s business processes and activities, planning and executing operational processes and purchasing operations,
- Managing relationships established with service providers, business partners, or suppliers in case of outsourcing,
- Analysing and developing the Company’s information security processes, establishment, management and implementation of information systems infrastructures, improvement, upgrading, and updating Platform services,
- Determining appropriate products, services, and platforms for customers, customizing and developing them, and providing effective customer service,
- Ensuring and improving coordination, collaboration, and efficiency between departments within the Company,
- Notifying you of changes in legislations or rules and policies accepted by the Company or providing other notifications that concern you,
- Conducting lawsuits and enforcement proceedings to which the Company is a party and monitoring and executing other legal processes,
- Managing all requests and complaints, including customer relations, experience, satisfaction, complaints, appeals, requests, suggestions, etc.,
- Conducting usage statistics and analyses, performing analyses based on behavioral modeling, conducting customer satisfaction studies, using call recordings made through the call center to improve service quality, processes for product/service offerings, promotion, marketing, and campaign activities, providing information for various events and promotions, and conducting product/service marketing processes.
4. TRANSFER OF PROCESSED PERSONAL DATA
In cases where it is required by legislation and with your consent, your personal data held by the Company may be transferred to individuals/institutions located domestically and abroad for the purposes specified below, provided that the general principles set out in Article 4 of the Law and the conditions stipulated in Articles 8 and 9 are complied with and necessary security measures are taken;
- Persons, institutions, financial institutions, and other individuals permitted by the Capital Markets Law No. 6362 and other legislation, such as Crypto Asset Service Providers, the Scientific and Technological Research Council of Turkiye, the Public Disclosure Platform, the Turkish Electronic Fund Trading Platform, the Banking Regulation and Supervision Agency, the Capital Markets Board, Turkish Capital Markets Association, capital market institutions, the Capital Markets Licensing Registry and Training Agency Inc., Turkish Appraisers Association, the Central Securities Depository Inc., Borsa Istanbul Inc., Istanbul Settlement and Custody Bank Inc., pension investment funds, portfolio custodian institutions, publicly traded companies, the Revenue Administration, the Financial Crimes Investigation Board, institutions providing market-making or liquidity-providing services, and other relevant persons, institutions, and/or organizations authorized by law to obtain information, for the purpose of regulation and supervision, conducting financial activities, legal reporting, handling complaints and legal proceedings, fulfilling our legal obligations, and providing the services provided;
- For the purpose of following up and conducting legal matters, to judicial authorities, enforcement offices, and law firms;
- For the purpose of auditing activities are carried out in accordance with the legislation, to independent audit firms;
- To persons and institutions from whom we receive external services in order to provide support and consultancy services to the Company;
- To domestic and foreign official institutions and authorities, financial institutions, crypto asset service providers, liquidity providers and market makers for the purpose of fulfilling obligations regarding the identification of persons who are parties to the transaction, as required by nature of the transaction;
- Group companies, business partners, suppliers;
and not limited to these, to other natural and legal persons to whom data transfer is mandatory, within the scope of legal compliance reasons.
When you click on external links on the Platform that redirect you to a third-party website or a website of a third-party partner, we would like to point out that you agree to comply with the separate and independent privacy policies of these third-party websites. You understand and agree that we are not responsible for the contents or activities of such third-party websites. Details information about third parties to whom your personal data may be shared in this context can be found in Appendix 2 of this Clarification Text.
5. YOUR RIGHTS AS A DATA SUBJECT
Pursuant to Article 11 of the Law, which regulates the rights of data subjects, you may apply to the Company to:
- learn whether your personal data has been processed,
- if so, to request information about such processing,
- learn the purpose of processing and whether it is used for its intended purpose,
- learn the third parties to whom it has been transferred within or outside the country,
- request correction of incomplete or incorrectly data,
- request deletion or destruction of data in accordance with the conditions set forth in the Law,
- request that third parties to whom the data has been transferred be notified of the correction, deletion, or destruction of data,
- object to any adverse outcome resulting from analysis, exclusively through automatic systems,
- request compensation for any damage you may have suffered due to processing of your personal data in violation of the Law.
If you request the deletion or destruction of your personal data, we will be able to fulfill your request at the end of the period specified in the legal requirements.
It is important that the personal data we hold about you is accurate and up to date. Therefore, we would like to emphasize that you are obliged to inform us of any changes to your personal data.
You may submit your requests in this context in writing and by hand to the address of Nispetiye Mah. Nispetiye Cad. No: 24 Kapı No: 17 Besiktas/Istanbul, proving your identity or send it via a notary public in accordance with “Notification on the Procedures and Principles of Application to the Data Controller”. Additionally, you may submit your requests to the email address of basvuru@kucoin.tr using a secure electronic signature, mobile signature, or your company email address registered in our system.
APPENDIX- 1: Application and Information Permissions
The Company may request certain application and information permissions from customers. The list of these permissions, along with their justifications, is provided below. Customers should be aware that device permissions are not granted automatically, even if they have been informed in the Clarification Text. For critical or sensitive permissions, the Company will notify customers via a pop-up window to obtain explicit consent while using/benefiting from the relevant functions.
Any permission granted can be revoked at any time via device settings. It should be noted that denying permissions will not prevent the normal operation or use of the Platform.
Customers have the option to disable some or all of the requested permissions through device settings. The display and configuration of permissions may vary depending on the device model and operating system. If customers cannot find the relevant function, it is recommended to contact device or system manufacturers for assistance.
Applies to the Company’s Android Mobile Application:
|
Application Permissions |
Description |
Usage Scenario and Purpose |
|
android.permission.INTERNET |
Allows the application to access the network |
Allows the application to access the network |
|
android.permission.ACCESS_NETWORK_STATE |
Allows the application to access the network status |
Allows the application to access the network status |
|
android.permission.ACCESS_WIFI_STATE |
Allows application to access Wi-Fi status |
Allows application to access Wi-Fi status |
|
android.permission.FOREGROUND_SERVICE |
Allows the application to start foreground services |
Allows the market indicator tool (“ticker widget”) to access real-time market data |
|
android.permission.RECEIVE_BOOT_COMPLETED |
Allows the application to receive system broadcasts |
Allows WorkManager to start background tasks |
|
android.permission.USE_BIOMETRIC |
Allows the application to use biometric identity verification |
Enables the collection of fingerprint and facial recognition data to facilitate quick login |
|
android.permission.USE_FINGERPRINT |
Allows the application to use fingerprint hardware |
|
|
android.permission.VIBRATE |
Allows the application to use the vibration motor |
Receives offline push notifications and initiates a vibrating alert |
|
Initiates a vibrating alert during the KYC identity verification process |
||
|
Initiates a vibrating alert when a button is clicked within the application |
||
|
android.permission.WAKE_LOCK |
Prevents the processor from entering sleep mode or the screen from dimming |
Keeps the screen on during the execution of the KYC identity verification process |
|
When WorkManager starts a background task, it prevents the processor from entering sleep mode |
||
|
android.permission.READ_PHONE_STATE |
Provides read-only access to the phone status |
Risk control environment determination function collects device information ("IMEI"), network information, and location information, etc. |
|
Performance and stability analysis collects device information ("IMEI"), network information, and location information, etc. |
||
|
android.permission.ACCESS_COARSE_LOCATION |
Allows the application to access approximate location |
Collects GPS data when entering the KuCoin TR homepage (as required by government regulations) |
|
android.permission.CAMERA |
Allows the application to access the camera device |
Collects facial data while performing KYC identity verification |
|
android.permission.POST_NOTIFICATIONS |
Allows the application to send notifications |
Enables the system notification bar while receiving instant notifications from Aurora |
|
android.permission.READ_EXTERNAL_STORAGE |
Allows the application to read data from external storage |
Image/picture selection, for example: KYC identity verification, wallet address extraction, etc. |
|
(Below Android 13) |
|
Collects facial video (including audio) information for KYC identity verification occurring on third-party platforms |
|
|
|
Screenshot sharing to save photo data |
|
android.permission.WRITE_EXTERNAL_STORAGE |
Allows the application to write to external storage |
|
|
(Below Android 13) |
|
|
|
android.permission.READ_MEDIA_IMAGES |
Allows the application to read image files from external storage |
|
|
(Android 13 and above) |
|
|
|
android.permission.READ_MEDIA_VIDEO |
Allows the application to read video files from external storage/storage |
|
|
(Android 13 and above) |
|
|
|
android.permission.SYSTEM_ALERT_WINDOW |
Allows the application to create a window and display it above other applications |
Floating window for market monitoring |
|
android.permission.WRITE_SETTINGS |
Allows the application to read or write system settings |
Records the device identity in system settings for fingerprint risk control |
|
Clipboard |
Allows the application to access clipboard content |
Retrieves the verification code from the clipboard during the identity verification process |
|
|
|
Retrieves the address from the clipboard when adding a wallet address |
|
freemme.permission.msa |
Allows the retrieval of the device identifier |
Collects device identifiers for fingerprint risk control |
|
com.asus.msa.SupplementaryDID.ACCESS |
Allows the retrieval of device identifier information (OAID) |
Retrieves/collects the OAID identity for fingerprint risk control |
|
(ASUS Devices) |
|
|
|
com.google.android.c2dm.permission.RECEIVE |
Allows the creation of IID tokens |
Older versions of Google Play services require the creation of IID tokens for FCM push notifications |
|
com.google.android.gms.permission.AD_ID |
Allows access to the advertising ID |
Collects/retrieves the advertising ID for FCM push notifications |
|
com.kubi.turkey.permission.JPUSH_MESSAGE |
Grants permission to receive push notifications |
Aurora's push notifications |
|
com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE |
Grants permission to retrieve/collect setup reference information |
Used to collect statistics related to application performance, such as crash information. |
|
com.kubi. turkey.permission.liantian.RECEIVE |
Allows checking whether the license is valid |
When the application is launched |
|
com.kubi. turkey.DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION |
Broadcast receivers registered by an application are not exported and cannot be viewed by other applications on the device. |
While the application is in use |
|
android.permission.READ_APP_BADGE |
Allows changing the application's icon |
The desktop icon shows the number of red dots when a new message is received |
|
com.sec.android.provider.badge.permission.WRITE |
|
|
|
com.htc.launcher.permission.READ_SETTINGS |
|
|
|
com.htc.launcher.permission.UPDATE_SHORTCUT |
|
|
|
com.sonyericsson.home.permission.BROADCAST_BADGE |
|
|
|
com.sonymobile.home.permission.PROVIDER_INSERT_BADGE |
|
|
|
com.anddoes.launcher.permission.UPDATE_COUNT |
|
|
|
com.majeur.launcher.permission.UPDATE_BADGE |
|
|
|
com.huawei.android.launcher.permission.CHANGE_BADGE |
|
|
|
com.huawei.android.launcher.permission.READ_SETTINGS |
|
|
|
com.huawei.android.launcher.permission.WRITE_SETTINGS |
|
|
|
com.oppo.launcher.permission.READ_SETTINGS |
|
|
|
com.oppo.launcher.permission.WRITE_SETTINGS |
|
|
|
me.everything.badger.permission.BADGE_COUNT_READ |
|
|
|
me.everything.badger.permission.BADGE_COUNT_WRITE |
|
|
|
android.permission.ACCESS_ADSERVICES_AD_ID |
This permission allows the application to obtain the device's advertising identifier through Google Play services. |
When using Google advertising services |
|
android.permission.ACCESS_ADSERVICES_ATTRIBUTION |
This permission allows the application to access data about the effectiveness of its advertising campaigns. |
When using Google advertising services |
|
android.permission.RECORD_AUDIO |
Uses the microphone for audio recording |
KYC video verification |
|
android.permission.FOREGROUND_SERVICE_MICROPHONE |
Allowing the registration service to access the microphone. |
Preventing interruptions during KYC video verification while the application is in the background |
|
android.permission.MODIFY_AUDIO_SETTINGS |
Changing audio settings |
Enables microphone usage to collect and capture audio information by changing audio settings during the KYC video verification process |
Applicable to the Company’s iOS Mobile Application:
|
Application Permissions |
Description |
Usage Scenario and Purpose |
|
Location service |
Location service - approximate location |
Risk control |
|
Photo |
Photo |
Identity verification, deposit and withdrawal, |
|
Microphone |
Microphone recording |
Payment via Forter |
|
Camera |
Camera |
Identity verification, deposit and withdrawal, |
|
Face Verification or Fingerprint |
Face Biometric Data Verification |
Quick login |
|
Network |
Network permissions (for local banks only) |
For access to home devices on the network used for the first time |
|
Instant notification |
Instant notification permissions |
Instant notifications |
|
IDFA |
Unique device identifier |
Data reporting from third-party SDKs like Firebase ("software development kit") |
|
Clipboard |
Clipboard |
1. Retrieves the verification code from the clipboard during the identity verification process 2. Retrieves the address from the clipboard when adding a wallet address |
|
Background Modes |
Sound, Airplay, and Image in Image Options |
Prevents KYC video verification from being interrupted when the app goes to the background |
APPENDIX-2: Third Party Information
(1) SDK Name: Aurora Push SDK
Purpose: Used to send push notifications to user devices
Usage Location/Scenario: Instant notifications
Type: Device identifiers (IMEI, IDFA, Android ID, GAID, MAC, OAID, IMSI, MEID, UAID, etc.), Device hardware information (device model, device screen resolution, device hardware manufacturer, device product name, etc.), Operating system information (operating system version, system name, system language, etc.), Network information (network type, operator name, base station information, IP address, Wi-Fi information, SSID, BSSID), Notification information record (used to query notification service records and understand the delivery status of notifications), Location information (used to send notifications to specific regional groups), Software list information (software list and software working list information)
Transfer Method: Data is transmitted over the network
Storage and Usage Duration: Personal information of end users is stored only for the minimum duration necessary to achieve the purpose
Official Website: Aurora Mobile - A leading mobile developer service provider in China helps companies improve operational efficiency, user growth, and traffic monetization
Privacy Policy: JG Privacy Policy
(2) SDK Name: Sensors Data analysis SDK
Purpose: User behavior analysis
Usage Location/Scenario: When the service is used
Type: Device information (IMEI, Android ID, OAID, IDFA, IDFV, UUID, IMSI, MAC address, browser type, telecom operator, device brand), Registration information (service usage, IP address, language used, access time), Location information (location information obtained from IP address, GPS location information), Unique application number (application unique identifier, application name, and application version number)
Transfer Method: Data is transmitted over the network
Storage and Usage Duration: Personal information of end users is stored only for the minimum duration necessary to achieve the purpose
Official Website: Sensors Data|CDP and Data Analytics Platform
Privacy Policy: Privacy Policy
(3) SDK Name: Bugly
Purpose: Perform performance and stability analysis
Usage Location/Scenario: When the service is used
Type: Device information (device model, operating system and version, Wi-Fi status, CPU features, remaining memory space, disk space / remaining disk space, phone status during runtime, IDFV, jailbreak status, region code), Application information (application version, crash log, diagnostic log, performance log)
Transfer Method: Data is transmitted over the network
Storage and Usage Duration: Personal information of end users is stored only for the minimum duration necessary to achieve the purpose
Official website: https://bugly.qq.com/v2/index
Privacy Policy:
https://privacy.qq.com/document/preview/fc748b3d96224fdb825ea79e132c1a56
(4) SDK Name: Firebase
Purpose: Performance, stability, and user behavior analysis
Usage Location/Scenario: When the service is used
Type: Device information (device model, operating system and version, mobile advertising ID, IDFV/Android ID, Firebase installation ID, application instance ID, IP address), Application information (application version, crash log, diagnostic log, performance log), Application activity (application interaction information, user-generated content)
Transfer Method: Data is transmitted over the network
Storage and Usage Duration: 14 months after the deletion of the Firebase installation ID
Official Website: Firebase | Google's Mobile and Web App Development Platform
Privacy Policy: Privacy and Security in Firebase
(5) SDK Name: Jumio
Purpose: Identity verification and fraud prevention
Usage Location/Scenario: During KYC identity verification
Type: Personal information (name, address, email, ID card, driver's license number, passport number), Device information (IP address, location information, operating system, browser type, browser settings, website activity information, camera name, Android ID), Financial information (credit card, debit card number, CVV, expiration date, transaction information), Images or recordings (photos, videos, audio recordings), Biometric data (Facial Recognition)
Transfer Method: Data is transmitted over the network
Storage and Usage Duration: 3 years
Official Website: https://www.jumio.com/
Privacy Policy: Online Services Privacy Notice | Jumio Privacy and Trust Center
(6) SDK Name: hCaptcha
Purpose: Preventing bots
Usage Location/Scenario:
(a) When users log in and verify that they are not robots
(b) When users register and to verify that they are not robots
(c) When users click the forgot password button and to verify that they are not robots
(d) When sending verification codes
Type: Device information (hardware serial number, IP address, browser type, network provider, platform type, device type, operating system, date and time stamp access), Application interaction information (mouse movement, scroll position, key events, touch events)
Transfer Method: Data is transmitted over the network
Storage and Usage Duration: Personal information of end users is stored only for the minimum duration necessary to achieve the purpose
Resmi Sitesi: https://www.hcaptcha.com
Privacy Policy: hCaptcha - Privacy Policy
(7) SDK Name: Forter
Purpose: Preventing disputes over fiat orders
Usage Location/Scenario: When users purchase cryptocurrency with a bank card
Type: Personal information (name, country, city, phone number, email), Transaction information (bank account number, order ID, order date, transaction status, total order amount, fiat type, cryptocurrency type, cryptocurrency price, cryptocurrency amount), Device information (device identifier, IP address), Application activity information (hardware and software features (camera), installation list, list of running services), network information (Wi-Fi information, operator information)
Transfer Method: Data is transmitted over the network
Storage and Usage Duration: Personal information of end users is stored only for the minimum duration necessary to achieve the purpose
Official Website: Identity Intelligence for Digital Commerce
Privacy Policy: Website Privacy Policy
(8) SDK Name: Sumsub SDK
Purpose: Remote identity verification and fraud prevention
Usage Location/Scenario: During KYC identity verification, KYB and KYT
Type: Personal information (full name, gender, personal identification code or number, date of birth, legal capacity, nationality and citizenship), Identity document data (document type, issuing country, identification number, expiration date, MRZ, information contained in document barcodes (may vary depending on the document), security features),
Device information (IP address, device identifier, operating system, browser type, browser settings, website activity information), Application activity information (software and hardware features (camera and device name); Applicant ID),
Geolocation data (IP address and domain name; general geographical location from the Data Owner’s device (e.g., city, country)), Biometric data (Facial Recognition)
Transfer Method: Data is transmitted over the network
Storage and Usage Duration: 5 years
Official Website: Identity Verification Service - G2 Leader 2023 | Sumsub
Privacy Policy: Privacy Notice (Website and Mobile App) | Sumsub.com
(9) SDK Name: Shumei SDK
Purpose: Data statistics and fraud prevention
Usage Location/Scenario: When business network requests are sent
Type: (1) Basic equipment information, equipment brand, equipment manufacturer, equipment model number, equipment name, equipment system type and version, equipment basic configuration, equipment basic settings, equipment environment.
(2) Device identifiers, Android ID, IDFV (Identifier for Vendor), IDFA (Identifier for Advertisers), OAID (Open Anonymous Device Identifier).
(3) Device network information including network access form, wireless router ID (BSSID, SSID) and IP address, WIFI list, network operator information, network base station information, network connection status, MAC address.
(4) Device application information including SDK host application package name and version number.
(5) Reading external storage, obtaining a list of services running to identify some sandbox file information and device risk control.
Transfer Method: Data is transmitted over the network
Storage and Usage Duration: Personal information of end users is stored only for the minimum duration necessary to achieve the purpose
Official Website: https://help.ishumei.com/
Privacy policy: https://help.ishumei.com/docs/tw/sdk/guide/developDoc
(10) SDK Name: BirAPI
Purpose: TRY on&off ramp (third party)
Usage Location/Scenario: When users perform TRY deposit/withdrawal transactions
Type: IBAN, Identity, Name
Transfer Method: Data is transmitted over the network
Storage and Usage Duration: Personal information of end users is stored only for the minimum duration necessary to achieve the purpose
Official Website: BirAPI
(11) SDK Name: TMXProfiling
Purpose: Purchase cryptocurrency
Usage Location/Scenario: Preventing disputes over fiat orders
Type: Personal information (name, country, city, phone number, email), Transaction information (bank account number, order ID, order date, transaction status, total order amount, fiat type, cryptocurrency type, cryptocurrency price, cryptocurrency amount), Device information (device identifier, IP address)
Transfer Method: Data is transmitted over the network
Storage and Usage Duration: 24 hours
Resmi İnternet Sitesi: https://www.cybersource.com/
Privacy Policy: https://usa.visa.com/legal/privacy-policy.html
